Cyber Security and Resilience Bill Will Apply to 1000 UK Firms


A major new cybersecurity law set to come into force later this year will impose new compliance requirements on 1000 UK organizations, the government said today.

The Cyber Security and Resilience Bill is the government’s long-awaited answer to the EU’s NIS2 – a new piece of legislation that builds on the European NIS Directive of 2016.

The UK’s interpretation of that directive, known as NIS Regulations 2018, has been due an update for several years.

At the time of writing, the full policy statement on the proposed bill has not been published. However, the government said that if all of its proposals are adopted, they will:

  • Bring into scope more organizations and suppliers, including datacenter operators and managed service providers (MSPs), that will be expected to improve risk assessments, data protection and network security
  • Give regulators “more tools” to help them raise security standards
  • Mandate more detailed incident reporting, expected to include ransomware breaches
  • Grant the government more powers to update regulatory frameworks when needed, to make rules fit for purpose as threats and technology environments evolve and new sectors require regulating

NCSC CEO, Richard Horne, described the legislation as a “landmark moment” that will help to enhance the cyber resilience of countless critical infrastructure sectors such as water, power and healthcare.

“It is a pivotal step toward stronger, more dynamic regulation, one that not only keeps up with emerging threats but also makes it as challenging as possible for our adversaries,” he added.

“By bolstering their cyber defenses and engaging with the NCSC’s guidance and tools, such as Cyber Assessment Framework, Cyber Essentials, and Active Cyber Defence, organizations of all sizes will be better prepared to meet the increasingly sophisticated challenges.”


The government claimed cyber-threats cost the UK economy almost £22bn a year between 2015 and 2019, and that half of businesses suffered an attack over the past year, amounting to over seven million incidents.

SoSafe CSO, Andrew Rose, cautiously welcomed the legislative proposals.

“While it’s positive to see a crackdown on security measures, supply chains, reporting and regulation, it’s essential that the government address the ‘elephant in the room’ – that most cyber-attacks target human vulnerabilities rather than technological ones,” he added.

“Training and educating staff must be a priority. The importance of providing your first line of defence – your people – with the necessary tools and knowledge to deter criminals should not be underestimated by both the government and businesses.”


